It’s been a rough year for healthcare security.
In March, Anthem and Premera both reported breaches. The Anthem breach resulted in the theft of an estimated 80 million patient records. Premera was small by comparison – a measly 11 million records.
These incidents have badly shaken public confidence in the system as a whole, but they don’t tell the whole story. There are many more incidents that have occurred in 2015 that have flown under the radar. Taken in aggregate, the numbers are quite frightening.
Before we talk specifics, let’s set the scene.
Under section 13402(e)(4) of the HITECH Act, covered entities found to have breaches involving more than 500 individuals are required to notify the Secretary so that their data can be posted on what has come to be termed the “wall of shame”.
It’s important to understand that if an individual’s PHI could have been affected, it is required to be handled as if it has been affected.
The HHS data is the best we have, but it is subject to organizations making their reports within the legally mandated period. Not all organizations have respected the reporting rule, and some attacks from late 2014 have only just hit the media.
The data from 2015 is interesting. First, let’s look at the types of breaches that have occurred and how many patients were affected. Note the use of a logarithmic axis to account for two major outliers (Anthem/Premera) which accounted for a combined 90 million patients.
So, let’s focus in on hacking incidents. If we break that data down by month (on a logarithmic scale) we get the following graph.
March was obviously a pretty bad month. May is incomplete, as this extract was taken on the 8th of the month. Factoring these two influences into our analysis, it’s clear that the rate of breaches is increasing rapidly in 2015. If we compare the first four complete months of 2014 to the same period in 2015, the data is even more startling.
|2015 (Jan – Apr)||2014 (Jan – Apr)|
While this is a pretty simple analysis, the scale of hacking that’s going on in healthcare is concerning, and organizations need to step up their security measures to stop intruders from penetrating their networks and compromising important patient data.